Human Resources

Privacy Compliance in HR - The Recruitment Phase

Law of Distraction

There’s nothing like the stench of a breakup to propel you into clean and clearer waters. Following a week of bingeing The Sopranos and fusing with the couch, Norah Wallace took her lead from Tony and started to deal with her personal and professional issues affecting her mental state. She RSVP’d to an interview at The Rolling Scone, the wildly successful bakery Norah idolized since its opening. She took the plunge (and an exorcizing shower) and marched down to Savory Staffing Solutions. What she didn’t anticipate was the privacy compliance ordeal she was about to embark upon.

Interview Day

She sat there, across from the recruitment agent hoping there wasn’t any couch still stuck to her and that this opportunity wasn’t too good to be true. All was going well until Mrs Morton asked a question that sent her ears pinging…

“We’ll need to do a public social media check.”

Norah’s inner voice almost blurted out, “A social media what? Someone needs to look into this company’s data protection compliance! Isn’t this how job candidates end up having their identities stolen and sold down the river for a couple of bucks and a Netflix login!” The agent interrupted Norah, mid-distrust fall.

“Do you suffer from any of the following illnesses?”

“Wait!” she thought, “What do my seasonal allergies have to do with a potential hiring company? This lot just wants to pry into my medicine cabinet and have a laugh by the water cooler at my hay fever prescription!” Norah envisioned being a running joke at The Rolling Scone for years to come. She desperately wanted to remain professional but wasn’t prepared to be burned by someone she trusted again.

Questioning the Compliance


“Excuse me, Mrs Morton, I know I’m going to get a chance to ask my questions but if you don’t mind me jumping the gun…exactly how long are you going to keep all this information on record?”

“Six months,” Mrs Morton jiggled her glasses and took her anticipatory breath to re-ask her previous question.

“Why do you need to keep my personal information for that long?” Norah interrupted.

“We keep all records for six months, but the law requires us to keep some records longer. Sometimes, candidates such as yourself will ask us to keep them on file in the event other suitable jobs may arise. We delete these after one year. We don’t keep records indefinitely.”

“Well, I guess that makes sense. Another thing, why in the world do you need to look at my social media pages? I thought business and personal spaces should be separated.”

“Because The Rolling Scone is a public-facing company, they want to ensure that they don’t employ someone whose behavior is inconsistent with the values of the company or would compromise the person’s ability to do their job, hence the public social media check. 

“Seems logical. Okay, how about needing to know about my embarrassing illnesses? What’s that all about?”

Mrs Morton took another breath. “If you had just let me finish, dear…the list of illnesses only included conditions that could place customers and your fellow workers at risk. It would help them to know if you had TB before they let you frost any cupcakes.” Norah and Mrs Morton shared a giggle. “Ms Wallace, you can relax. These were actually great questions about data privacy management”

“Wow, a baker asking the right questions about data privacy? They should put me in cookie management.”

“Despite your perplexing humor, you have an impressive and diverse portfolio. This is quite a tough gig but I’m going to put a special recommendation with your application and hopefully, The Scone will call you in to meet with them.”

A Home Run? Or Run Home?


Norah’s luck was finally changing and she was feeling exhilarated. However, as she felt the excitement circulate the room, she still had a nagging feeling at the back of her mind. Am I good enough? What if the other candidates have double my skills and experience? And what if I completely blow the next interview, who knows what questions they’ll ask…

Well, she soon found out…

What those in the know say...


Q - How long can a recruitment agency keep your personal details?

A - As long as the agency has an expiry diary, and then diligently deletes all relevant records. The agency should also be able to provide evidence that the candidate asked for records to be kept for longer. The successful candidate should also make a similar inquiry to the hiring company.


Q - Why do hiring companies need to do social media checks?

A - These companies probably have a legitimate interest in ensuring that a candidate's public persona does not compromise their values or work. That being the case, such a company would need to identify the legitimate interest, consider the necessity for processing the personal data, and consider the interests of the candidate – also known as the three-part test.


Q - Why is a hiring company interested in my health?

A - While this could relate to the nature of work and risks posed to clients and employees, it is questionable why they would be asking for this level of detail at this stage. Is there a need to collect sensitive personal data from all candidates at this stage? Why not include a general statement stating that they will only collect the information from the candidate who is offered the job?

Want to learn more about data protection with PrivIQ? 

Similar posts